Have you considered using an interceptor for determining whether or not the user is logged in? Actions requiring login can be marked with an interface, annotation, etc. IMO this is a substantially cleaner architecture.

I'd also *strongly* discourage tying your actions to Hibernate like this; it makes testing more difficult than necessary and introduces an unnecessary level of coupling.

All that said, I'm not really sure which parameters aren't being preserved--are you doing a redirect?

Dave

mathias-ewald wrote:
Hi,

a few days ago I implemented a login mechanism in my web application.
Therefore I use an abstract BaseAction that asks the implementing class
whether it wants to be password protected or not. If it does and there's no
object named "user" available, the Login.jsp is shown. When the Login form
returns, the user object is placed into session scope.
The problem is that after the Login.jsp has returned to the BaseAction, all
parameters that were passed to the implementing Action are lost.
What can I do?

Here's my code:

BaseAction.java
-------------------------------------------------------------------------------
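import java.util.Map;

// Log/LogFactory assumed to be Commons Logging, which Struts 2 ships with.
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.Session;
import org.hibernate.Transaction;
import org.hibernate.criterion.Restrictions;

import com.opensymphony.xwork2.ActionContext;

// UserAccount, HibernateUtil and MD5Util are the application's own classes.
public abstract class BaseAction {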

        public static final Integer ALLOWED = 0;
        
        public static final Integer DENIED = 1;
        
        public static final Integer DENIED_GROUP = 2;
                
        
        private String logout = "false";
        
        private String username;
        
        private String password;
        
        protected Log log;
        

        public BaseAction() {}


        public String execute() {
                if(log == null) {
                        log = LogFactory.getLog(getClass());
                }
                        
                Map<String, Object> session = ActionContext.getContext().getSession();
                
                /*
                 * if the user wants to logout, delete the object
                 * from session scope.
                 */
                if("true".equals(logout)) {
                        Object userObj = session.get("user");
                        if(userObj != null) {
                                session.put("user", null);
                                log.info("User " + ((UserAccount)userObj).getName() + " logged out.");
                        }
                }

                /*
                 * in case the username and password values are set, perform
                 * the login process.
                 */
                if (username != null && password != null) {
                        Session s = HibernateUtil.getSessionFactory().openSession();
                        Transaction tx = s.beginTransaction();
                        
                        UserAccount user = (UserAccount)s.createCriteria(UserAccount.class)
                                .add(Restrictions.eq("name", username))
                                .uniqueResult();
                                                        
                        tx.commit();
                        s.close();
                        
                        if(user == null) {
                                log.info("Error authenticating user " + username);
                                return "loginError";
                        }
                        
                        String dbHash = user.getPasswordhash().toLowerCase();
                        String formHash = MD5Util.md5(password).toLowerCase();
                        
                        if(dbHash.equals(formHash)) {
                                session.put("user", user);    
                                log.info("User " + user.getName() + " logged in.");
                        } else {
                                log.info("Password mismatch for user " + username);
                                return "loginError";
                        }
                }
                
                /*
                 * If we get this far, userObject is either successfully logged
                 * in or null, so get the UserAccount object or set it null.
                 */
                Object userObject = session.get("user");
                UserAccount user = null;
                if(userObject != null && userObject instanceof UserAccount) {
                        user = (UserAccount)userObject;
                }
                
                /*
                 * Now ask the "real" action if access is allowed.
                 */
                int retVal = isAllowed(user);
                if(retVal == ALLOWED) {
                        return executeAction();
                } else if(retVal == DENIED_GROUP) {
                        return "permissionError";
                } else {
                        return "login";
                }
        }
        
        public abstract String executeAction();

        public abstract Integer isAllowed(UserAccount user);
        
       // getter and setter methods
                        
}
-------------------------------------------------------------------------------

Login.jsp
-------------------------------------------------------------------------------
<%@ taglib prefix="s" uri="/struts-tags" %>
<html>
<head>
<jsp:include page="/common/Head.jsp"/>
</head>
<body>

<div id="container">
        <jsp:include page="/common/Header.jsp"/>
        
        <div id="navi">
                Main &gt; Login
        </div>
                
        <div id="body">
                <br><br><br><br><br>
                <div style="width: 40%; margin: 0 auto;">
                        This page is protected! Please login:
                        <br><br>
                        <s:form method="post">
                                <s:textfield label="Username" name="username"></s:textfield>
                                <s:password label="Password" name="password"></s:password>
                                <s:submit></s:submit>
                        </s:form>
                </div>
        </div>
        
        <jsp:include page="/common/Footer.jsp"/>
</div>

</body>
</html>
-------------------------------------------------------------------------------

Is there any chance to have the parameters preserved?


cu
mathias
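
The interceptor approach suggested in the reply, combined with one way to keep the original request across the login page, as an added example (not code from either poster or from Struts itself). `LoginRequired`, `LoginInterceptor` and the session key `loginReturnTo` are hypothetical names; the example assumes Struts 2 on the `javax.servlet` API, the interceptor registered in `struts.xml`, and a global `login` result.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/** Hypothetical marker: put it on action classes that need a logged-in user. */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.TYPE)
@interface LoginRequired {}

public class LoginInterceptor extends AbstractInterceptor {

    /** Hypothetical session key holding the URL to return to after login. */
    public static final String RETURN_TO = "loginReturnTo";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Object action = invocation.getAction();
        if (!action.getClass().isAnnotationPresent(LoginRequired.class)) {
            return invocation.invoke();      // unprotected action, run it
        }

        Map<String, Object> session = invocation.getInvocationContext().getSession();
        if (session.get("user") != null) {
            return invocation.invoke();      // "user" is the key from the original post
        }

        // Remember the original request, query string included, on the server
        // side. Keeping it in the session rather than in a hidden form field or
        // URL parameter means the post-login redirect target cannot be supplied
        // by whoever crafted the link.
        HttpServletRequest request = ServletActionContext.getRequest();
        String target = request.getRequestURI();
        if (request.getQueryString() != null) {
            target += "?" + request.getQueryString();
        }
        session.put(RETURN_TO, target);

        return "login";                      // result name from the original post
    }
}
```

After a successful login, the login action reads and removes `loginReturnTo` from the session and redirects there. Only parameters carried in the query string survive this way; a POST body is not replayed.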
